Vermont (VERsatile MONitoring Toolkit) is an open-source software toolkit for the creation and processing of network flow data, based on monitored Internet Packet data. The IETF standard IPFIX (IP Flow Information eXport) defines the formats and procedures for handling these flows. Furthermore, the Netflow.v9 and the PSAMP (Packet Sampling) standards are supported. Vermont runs on Linux and derivatives of BSD. It can receive and process raw packets via PCAP (up to 1 GBit/s) as well as IPFIX/Netflow.v9 flow data.

Vermont has been developed by the networking groups of FAU Erlangen (Computer Networks and Communication Systems) and TU München (Network Architectures and Services, formerly located in Tübingen) as part of the HISTORY Project.

Presently, the following modules are available:

• Importers capture raw data via PCAP, receive Netflow.v9 and flow data via UDP and SCTP (Stream Control Transmission Protocol)
• Samplers and filters provide sampling algorithms and packet filter definitions
• Exporters export data using IPFIX, PSAMP, or IDMEF
• Aggregators aggregate incoming data according to customizable rules
• Analyzers detect anomalies in flows and output events

Modules can be linked in almost any combination: only the input and output data type of linked modules need to be compatible. Modules may also have more than one succeeding and preceding module. The following figure shows an example for an arrangement of several modules. In this configuration, Vermont captures packets using PCAP, filters these packets and exports the selected records. A second branch aggregates flows, which, in turn, are exported using and analyzed in a portscan detector, respectively. The whole application framework is multithreaded and each module may use dedicated threads for data processing. The example also shows a queue between two modules to buffer elements.

• Look at the Download Page and download Vermont, and maybe also the management system.
• Follow the instructions here.
• If you have any questions, do not hesitate to send a mail to the mailing list vermont-dev@lists.berlios.de